Authenticated production

ABSTRACT

Apparatuses and methods associated with authenticated production are disclosed herein. In embodiments, a digital fingerprint processor may be configured to: identify an activation of at least one of the one or more machines to attempt to produce or manufacture at least one of physical product or physical manufacture; responsive to completion of one or more operations associated with the activation by the one or more machines, acquire digital image data of a portion of a physical object on or inside the one or more machines; analyze the digital image data to form a digital fingerprint of the physical object, wherein the digital fingerprint is responsive to structure of the physical object; and store the digital fingerprint in a database record of the database system. Other embodiments may be disclosed or claimed.

COPYRIGHT NOTICE

COPYRIGHT® 2016-2017 Alitheon, Inc. A portion of the disclosure of thispatent document contains material which is subject to copyrightprotection. The copyright owner has no objection to the facsimilereproduction by anyone of the patent document or the patent disclosure,as it appears in the Patent and Trademark Office patent file or records,but otherwise reserves all copyright rights whatsoever. 37 C.F.R. §1.71(d)(2017).

TECHNICAL FIELD

The present disclosure relates to the field of centralized databasesstoring digital fingerprints of objects that enable enhanced security,rapid searching, and high reliability. Other aspects include methods andapparatus to identify, track, and authenticate physical objectsutilizing a suitable database.

BACKGROUND

Many different approaches are known to uniquely identify andauthenticate objects, including labeling and tagging strategies usingserial numbers, bar codes, holographic labels, RFID tags, and hiddenpatterns using security inks or special fibers. All these methods can beduplicated, and many add substantial costs to the production of theobjects sought to be protected. Physical labels and tags are alsothemselves at risk of being lost, stolen, or counterfeited.

SUMMARY OF THE PRESENT DISCLOSURE

The following is a summary of the present disclosure in order to providea basic understanding of some features and context. This summary is notintended to identify key/critical elements of the disclosure or todelineate the scope of the disclosure. Its sole purpose is to presentsome concepts of the present disclosure in a simplified form as aprelude to a more detailed description that is presented later.

There are many known approaches to establishing or reestablishing theauthenticity of an object, including secure supply chains, expertassessment, and counterfeit detection. With the growth, however, ofdigital production (for example on a 3-D printer) and the ease ofcopying the digital files that drive such production, current productionmethods have become less secure. What is lacking in current methods, andis provided by the present disclosure, is the integration of theauthentication and production processes into a single secure process. Inembodiments, a digital fingerprint processor may be configured to:identify an activation of at least one of the one or more machines toattempt to produce or manufacture at least one of physical product orphysical manufacture; responsive to completion of one or more operationsassociated with the activation by the one or more machines, acquiredigital image data of a portion (e.g., an entire portion or someportion) of a physical object on or inside the one or more machines;analyze the digital image data to form a digital fingerprint of thephysical object, wherein the digital fingerprint is responsive tostructure of the physical object; and store the digital fingerprint in adatabase record of the database system.

Additional aspects and advantages of this disclosure will be apparentfrom the following detailed description of preferred embodiments, whichproceeds with reference to the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

In order to describe the manner in which the above-recited and otheradvantages and features of the present disclosure can be obtained, amore particular description follows by reference to the specificembodiments thereof which are illustrated in the appended drawings.Understanding that these drawings depict only typical embodiments of thedisclosure and are not therefore to be considered to be limiting of itsscope, the disclosure will be described and explained with additionalspecificity and detail through the use of the accompanying drawings inwhich:

FIG. 1A is a simplified flow diagram illustrating a method for creatingand recording a digital fingerprint of an object in a database.

FIG. 1B illustrates an example of an alternative process for featureextraction.

FIG. 2 is a simplified flow diagram illustrating a method for matching adigital fingerprint of a target object to a database of existing digitalfingerprints.

FIG. 3 is a simplified conceptual diagram showing a method for scanningof an object at various times and places along a manufacture anddistribution chain.

FIG. 4 is a simplified conceptual diagram illustrating an example of theuse of a mobile device application to query authentication informationrelated to an object.

FIG. 5 is a simplified flow diagram illustrating a method for trackingan object to verify its provenance.

FIG. 6 illustrates an example of authentication region and objectfeature definition for a U.S. passport.

FIG. 7 is a simplified block diagram of aspects of an example system forimplementing some embodiments of authenticated production using amachine to produce manufacture physical products or manufactures.

FIG. 8 is a simplified flow diagram of an example of a process forauthenticated production, in some embodiments.

FIG. 9 is a simplified flow diagram of an example of a process forauthenticated production, in some embodiments.

FIG. 10 is a simplified block diagram of aspects of another examplesystem for implementing some embodiments of authenticated productionusing a machine to produce manufacture physical products or manufacturesfrom inducted components.

FIG. 11 and FIG. 12 illustrate illicit activity that may corrupt asupply chain.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

Reference will now be made in detail to embodiments of the inventiveconcept, examples of which are illustrated in the accompanying drawings.The accompanying drawings are not necessarily drawn to scale. In thefollowing detailed description, numerous specific details are set forthto enable a thorough understanding of the inventive concept. It shouldbe understood, however, that persons having ordinary skill in the artmay practice the inventive concept without these specific details. Inother instances, well-known methods, procedures, components, circuits,and networks have not been described in detail so as not tounnecessarily obscure aspects of the embodiments.

It will be understood that, although the terms first, second, etc. maybe used herein to describe various elements, these elements should notbe limited by these terms. These terms are only used to distinguish oneelement from another. For example, a first machine could be termed asecond machine, and, similarly, a second machine could be termed a firstmachine, without departing from the scope of the inventive concept.

The terminology used in the description of the inventive concept hereinis for the purpose of describing particular embodiments only and is notintended to be limiting of the inventive concept. As used in thedescription of the inventive concept and the appended claims, thesingular forms “a,” “an,” and “the” are intended to include the pluralforms as well, unless the context clearly indicates otherwise. It willalso be understood that the term “and/or” as used herein refers to andencompasses any and all possible combinations of one or more of theassociated listed objects. It will be further understood that the terms“comprises” and/or “comprising,” when used in this specification,specify the presence of stated features, integers, steps, operations,elements, and/or components, but do not preclude the presence oraddition of one or more other features, integers, steps, operations,elements, components, and/or groups thereof.

The methods described in the present disclosure enable theidentification of an object without the need for attaching orassociating physical tags or identifying materials with the object. Asystem does this by creating a unique digital signature for the object,which is referred to as a digital fingerprint. Digital fingerprintingutilizes the structure of the object, including random and deliberatefeatures created during the manufacturing or use of the object, togenerate a unique digital signature for that object similar to the wayin which a human fingerprint references the friction ridges on a finger.Also, like a human fingerprint, the digital fingerprint can be storedand retrieved to identify objects when they are encountered at a laterdate.

Eliminating the need to add tags or any physical modifications to theobject offers a number of advantages to manufacturers, distributors,sellers, and owners of goods. Forgoing the addition of physicalidentifiers reduces the cost of manufacturing and is more secure thanphysical togging. Moreover, physical identifiers can be lost, modified,stolen, duplicated, or counterfeited whereas digital fingerprintscannot.

Unlike prior art approaches that simply utilize a comparison of pixels,a system in accordance with the present disclosure utilizes theextraction of features to identify and authenticate objects. Featureextraction enables users to take a large amount of information andreduce it to a smaller set of data points that can be processed moreefficiently. For example, a large digital image that contains tens ofthousands of pixels may be reduced to a few locations of interest thatcan be used to identify an object. This reduced set of data is called adigital fingerprint. This digital fingerprint contains a set offingerprint features or locations of interest which are stored asfeature vectors. Feature vectors make image processing more efficientand reduce storage requirements as the entire image need not be storedin the database, only the feature vectors need to be stored. Examples offeature extraction algorithms include but are not limited to edgedetection, corner detection, blob detection, wavelet features, Gabor,gradient and steerable output filter histograms, scale-invariant featuretransformation, active contours, shape contexts, and parameterizedshapes.

While the most common applications of the system may be in theauthentication of manufactured goods and documents, the system isdesigned to be applicable to any object that can be identified,characterized, quality tested, or authenticated with a digitalfingerprint. These include but are not limited to mail pieces, parcels,art, coins, currency, precious metals, gems, jewelry, apparel,mechanical parts, consumer goods, integrated circuits, firearms,pharmaceuticals, and food and beverages. Here the term “system” is usedin a broad sense, including the methods of the present disclosure aswell as apparatus arranged to implement such methods.

Scanning

In this application, the term “scan” is used in the broadest sense,referring to any and all means for capturing an image or set of images,which may be in digital form or transformed into digital form. Imagesmay, for example, be two dimensional, three dimensional, or in the formof a video. Thus a “scan” may refer to an image (or digital data thatdefines an image) captured by a scanner, a camera, a specially adaptedsensor or sensor array (such as a CCD array), a microscope, a smartphonecamera, a video camera, an x-ray machine, a sonar, an ultrasoundmachine, a microphone (or other instruments for converting sound wavesinto electrical energy variations), etc. Broadly, any device that cansense and capture either electromagnetic radiation or mechanical wavethat has traveled through an object or reflected off an object or anyother means to capture surface or internal structure of an object is acandidate to create a “scan” of an object. Various means to extract“fingerprints” or features from an object may be used for example,through sound, physical structure, chemical composition, or many others.The remainder of this application will use terms like “image” but whendoing so, the broader uses of this technology should be implied. Inother words, alternative means to extract “fingerprints” or featuresfrom an object should be considered equivalents within the scope of thisdisclosure.

Authenticating

In this application, different forms of the words “authenticate” and“authentication” will be used broadly to describe both authenticationand attempts to authenticate which comprise creating a digitalfingerprint of the object. Therefore, “authentication” is not limited tospecifically describing successful matching of inducted objects orgenerally describing the outcome of attempted authentications. As oneexample, a counterfeit object may be described as “authenticated” evenif the “authentication” fails to return a matching result. In anotherexample, in cases where unknown objects are “authenticated” withoutresulting in a match and the authentication attempt is entered into adatabase for subsequent reference the action described as“authentication” or “attempted authentication” may also, post facto,also be properly described as an “induction”. An authentication of anobject may refer to the authentication of an entire object or of aportion of an object.

Authentication Regions

Because digital fingerprinting works with many different types ofobjects, it may be useful to define what regions of digital images ofobjects are to be used for the extraction of features for authenticationpurposes. The chosen regions may vary for different classes of objects.In some embodiments, a chosen region may be the image of the entireobject; in other embodiments chosen regions may be one or moresub-regions of the image of the object.

For instance, in the case of a photograph, a digital image of the entirephotograph may be chosen for feature extraction. Each photograph isdifferent and there may be unique feature information anywhere in aphotograph. In such a case, the authentication region may be the entirephotograph.

In some embodiments, multiple regions may be used for fingerprinting. Insome examples, there may be several regions where significant variationstake place among different similar objects that need to be distinguishedwhile, in the same objects, there may be regions of little significance.In other examples, a template may be used (see FIG. 6 ) to defineregions of interest, including elimination of regions of littleinterest.

In one embodiment, an object, such as a bank note, may be deemedauthenticated if a few small arbitrary regions scattered across thesurface are fingerprinted, possibly combined with one or morerecognitions of, for example, the contents of a region signifying thevalue of the bank note or one containing the bank note serial number. Insuch examples, the fingerprints of any region (along with sufficientadditional information to determine the bank note value and itspurported identity) may be considered sufficient to establish theauthenticity of the bill. In some embodiments, multiple fingerprintedregions may be referenced in cases where one or more region may beabsent from an object (through, for example, tearing) when, for example,a bank note is presented for authentication. In other embodiments,however, all regions of an object may need to be authenticated to ensurean object is both authentic and has not been altered.

In one embodiment, a passport may provide an example of featureextractions from multiple authentication regions, see FIG. 6 . In thecase of a passport, features chosen for authentication may be extractedfrom regions containing specific identification information such as thepassport number, the recipient name, the recipient photo, etc., asillustrated in FIG. 6 . In some examples, a user may define a featuretemplate specifying the regions whose alteration from the original wouldinvalidate the passport, such as the photo, identifying personal data,or other regions considered important by the user.

In some embodiments, an ability to define and store optimalauthentication regions for classes of objects may offer benefits to auser. In some embodiments, it may be preferable to scan limited regionsof objects rather than to scan entire objects. For instance, in the caseof an article of designer clothing, scanning a clothing label may bepreferable to scanning an entire garment. Further, defining such regionsmay enable detection of partial alteration of an object.

Once an authentication region is defined, specific applications may becreated for different markets or classes of objects that may assistusers in locating and scanning an optimal authentication region. In someembodiments, for example when utilizing a mobile device, a location boxand crosshairs may automatically appear in the viewfinder of asmartphone camera application, to help the user center the camera on anauthentication region, and automatically lock onto a region and completea scan when the device is focused on an appropriate area. It should benoted that, although some examples suggested above are two-dimensionalobjects (passport, bank note), the present disclosure is fullyapplicable to three-dimensional objects as well. As previously noted,scanning may be of any kind, including 2-D, 3-D, stereoscopic, HD, etc.and is not limited to the use of visible light or to the use of light atall (as previously noted, sonar and ultrasound are, for example,appropriate scanning technologies).

In some embodiments, objects may have permanent labels or otheridentifying information attached to them. In addition to the objectsthemselves, these attachments may also be referenced as features fordigital fingerprinting, particularly where the label or otheridentifying information becomes a permanent part of the object. In oneexample, a permanent label may be used as an authentication region forthe object to which it is affixed. In another example, a label may beused in conjunction with the object itself to create a fingerprint ofmultiple authentication regions referencing both a label and an objectto which the label is affixed.

In one example, wine may be put into a glass bottle and a label affixedto the bottle. Since it is possible that a label may be removed andre-applied elsewhere merely using the label itself as an authenticationregion may not be sufficient. In this case the authentication region maybe defined so as to include both a label and a substrate it is attachedto—in this example some portion of a label and some portion of a glassbottle. This “label and substrate” approach may be useful in definingauthentication regions for many types of objects, such as various typesof goods and associated packaging. In other instances, authenticationmay reveal changes in the relative positions of some authenticationregions such as in cases where a label has been moved from its originalposition, which may be an indication of tampering or counterfeiting. Ifan object has “tamper-proof” packaging, this may also be included in theauthentication region.

In some embodiments, multiple authentication regions may be chosen fromwhich to extract unique features. In a preferred embodiment, multipleauthentication regions may be selected to enable the separateauthentication of one or more components or portions of an object. Forexample, in one embodiment, features may be extracted from two differentparts of a firearm. Both features may match the original firearm butsince it is possible that both parts may have been removed from theoriginal firearm and affixed to a weapon of different quality, it mayalso be useful to determine whether the relative positions of the partshave changed. In other words, it may be helpful to determine that thedistance (or other characteristics) between Part A's authenticationregion and Part B's authentication region remains consistent with theoriginal feature extraction. If the positions of Parts A and B are foundto be consistent to the relative locations of the originalauthentication regions, the firearm may be authenticated. Specificationsof this type may be stored with or as part of a digital fingerprint ofan object.

Once a digital fingerprint of an object is acquired, a characterizationof the object and corresponding fingerprint may be recorded in adatabase. For example, in some embodiments, a fingerprint may compriseone or more feature vectors. In some applications, the database may besecure. In some embodiments, a unique identifier or ID may be assignedto an object, for example in cases where an ID may be a convenient indexin an application. However, an ID is not required since a digitalfingerprint itself may serve as a key for searching a database. In otherwords, by identifying an object by the unique features andcharacteristics of the object itself, arbitrary identifiers, labels,tags, etc. are rendered unnecessary.

FIG. 1A is a simplified flow diagram illustrating a method 1M forcreating and registering a digital fingerprint of an object in adatabase. The process, in one embodiment, includes acquiring a digitalimage data of the object, at block 102, as described above. A variety ofscanning technologies and devices may be used as previously noted. Next,features are extracted, at block 104, from the digital image data. Asabove, specific features or regions of interest (authentication regions)may be selected in anticipation of subsequent identification orauthentication attempts of an object. The extracted features areanalyzed and feature vectors are extracted to form a digitalfingerprint, indicated at block 106. The digital fingerprint may bestored in a database record at block 108. Other forms of searchabledigital data storage should be deemed equivalents. Further, at block110, initialization data may be added to the database record orassociated with it in a related table. This data may be associated withthe physical object that was scanned. This data may be, for example, adescription, manufacturer, model number, serial number, contents, or anyother data deemed appropriate or useful for the object or a class ofobjects.

FIG. 1B illustrates an example of a process that includes more robustfeature extraction. In one embodiment, the process similarly begins withacquiring digital image data, at block 120. At least one authenticationregion is selected, at block 122. This may be done by analysis of theimage data, analysis of related image data, by reference to apredetermined template that defines at least one authentication region,or other means. The next block 124 calls for extracting a feature vectorfrom a selected authentication region. A feature vector may be used torepresent features of a region in a more compact form. In some examples,a feature vector may comprise an army of color or gray scale numericvalues corresponding to areas within the selected authentication region.The values may each comprise a sum, average, maximum, or other functionof the individual values of a corresponding group of pixels forming asub-part of the region. In some embodiments, a feature vector mayidentify a location and shape of a distinctive aspect within a selectedregion. In decision 126, there may be additional feature vectors to beextracted from the same image data. In that case, the flow returns, path130, to repeat the feature extraction block 124. The loop comprisingblock 124, path 130, and decision 126 may repeat until all desiredfeature vectors are collected. Optionally, there may be anotherauthentication region to process in the same image data, see decision132. In that case, path 133 is traversed back to block 122 for furtherfeature extraction with respect to one or more additional authenticationregion. Then some, or all, of the extracted feature vectors may becombined to form a digital fingerprint, block 134, which is then storedin a database record, block 136, along with related data, block 138, asmentioned above. The process returns or concludes at block 140.

A database of digital fingerprints may form the basis of a system toidentify or track an object in a supply chain, distribution network,sales channel, or any other series of locations, ownerships, orpossessions. An identification system based on digital fingerprintinghas unique advantages and capabilities that are not available withidentification systems based on currently available methods.

Current identifiers such as holograms, bar codes, and serial numbers mayall be duplicated (or otherwise counterfeited) with varying degrees ofeffort. Because such identifiers are vulnerable to diversion andcounterfeiting, a counterfeit object with a duplicated identifier—andcounterfeit objects with otherwise counterfeited identifiers—may enter asupply chain or distribution network. The counterfeit identifiers maysubsequently be registered in a conventional identification ortrack-and-trace system. All current identification systems rely ondetermining whether the identifier (label, hologram, RFID tag) islegitimate, not whether the object itself is legitimate.

Due to this weakness, identification and tracking systems based onconventional approaches like bar codes or serial numbers cannot preventcounterfeit objects from entering a supply chain or prevent theresulting corruption of the system database. A counterfeit object may bemistakenly identified as genuine, and generate a false audit trail as itis identified through the supply chain. Two or more objects with thesame ID (one genuine, one or more counterfeit) may exist at the sametime without detection. Without physically examining the objects it maybe impossible to tell which object is genuine and, depending on thequality and origin of the counterfeits, even physical examination of anobject may be insufficient to determine its authenticity.

Once a counterfeit object has been detected in a conventional system,false audit trails must be removed from the system database to restoreintegrity. This may be difficult depending on the structure of thedatabase and the complexity of the identification data. In some cases,the objects may not have any further contact with a system (for instanceif they are purchased by a consumer), and the record will never beidentified as false, leaving the database permanently corrupted.

In some embodiments of the present disclosure, an object may be scannedand identified at initial manufacture. Alternatively, an object may bescanned and identified at any subsequent time or location for entry intoa database. Preferably, the scanning and identification is carried outwhen an object is either in the possession of its manufacturer or hasbeen transferred by secure means to the point of scanning so that itslegitimacy at the point of identification may be adequately established.However, this is not necessary and the adequate legitimacy of an objectmay be established through various other means both prior to orfollowing induction.

In an embodiment, the system subsequently identifies the scanned andidentified object every time the object is scanned again, typically atdiscrete steps in manufacturing, distribution, and sale, and as part ofa data collaboration scheme. FIG. 2 is a simplified flow diagramillustrating a method 200 for matching a digital fingerprint of a targetobject to a database of existing digital fingerprints. Block 202 showsacquisition of the image data of a “target object” i.e., the objectsought to be identified or authenticated by returning a match in thedatabase. Features are extracted the target object image data at block204, as discussed above. A new (second) digital fingerprint record iscreated based on the extracted features at block 206. The next step isquerying the database, block 208, for a record that matches the seconddigital fingerprint record. “Matching” in this context may reflect athreshold confidence level rather than a binary decision. The requisiteconfidence level may vary depending on the specific application. Theconfidence level required may be varied dynamically responsive to thedata and experience with a given system. If no “matching” record isreturned, decision 210, the second digital fingerprint record (thedigital fingerprint (“FP”) of the target object), block 212, is updatedto reflect that no match was returned. If a match is returned, thematching record is updated to reflect the match at block 214, forexample, it may be linked to the second record. The results may bereturned to the user at block 216.

Examples of scanning locations might include scanning at the point ofmanufacture, when packaged, when placed in inventory, when shipped, andat a retail point of sale (e.g. upon arrival and again when sold), asillustrated in the tracking process 300 of FIG. 3 . Scans may take placeas a part of a data collaboration scheme. Each scan may be used toupdate a remote database.

As previously described, a “scan” may refer to an image (or to digitaldata that defines an image) captured by a broad range of capturingdevices. In an embodiment, a scan of an object may capture both featuresof the object and features of an identifier that has been attached tothe object. Feature vectors extracted from authentication regionslocated on an attached identifier are based on the substances of whichthe identifier is physically comprised rather than the information(typically alphanumeric) that is intended to be communicated by theidentifier. For instance, in the case of a wine bottle, features may becaptured from the bottle and from a label affixed to the bottle. If thelabel includes a standard UPC bar code, the paper of the label and theink pattern of the bar code may be used to extract a feature vectorwithout reading the alphanumeric information reflected by the bar code.An identifier, such as a UPC bar code print consisting of lines andnumbers, has no greater significance in the creation and use of afeature vector than a set of randomly printed lines and numbers.

FIG. 4 is a simplified conceptual diagram illustrating an example of theuse of a mobile device application to query authentication informationrelated to an object. Here, various computing devices or terminals 402may have access over a network, for example, the internet 404, to cloudcomputing facilities or services such as a cloud server or otherdatastore 406. For example, devices 402 may be located at various pointsalong a distribution chain as illustrated in FIG. 3 , each locationscanning an object and updating a cloud server or other datastore 406.

A server 412 may be provisioned to provide identification and/ortracking data analysis and reporting. The server 412 has access to adatabase 420 which may be used to store digital fingerprints and relateddata. The server can query or search the database 420 for digitalfingerprint search and matching. The database 420 is preferably coupledto the cloud server 406 in some embodiments. A mobile user device 410such as a smartphone, tablet, laptop computer, or dedicated device maybe configured for communications with the server 412 to request andreceive a reply or authentication report for an object of interest. Thisarchitecture is simplified, and in any event, is merely illustrative andnot intended to be limiting.

In some embodiments, sensors may be attached to the object, and sensordata can flow back to the database in either a continuous fashion (nearreal time), or in discrete data transfer events. For example, datatransfer may occur when an authentication event occurs. For instance, ifthere is a GPS chip attached to the object, data flow can start when theobject is first registered in the system, and continue to flow as theobject changes location. Continuous or intermittent data updates mayalso be buffered in local memory in a sensor attached to an object, andthen downloaded the next time the object is scanned and authenticated.This example provides an itinerary record of where the object hastraveled.

As an example of the potential uses of sensor data, many products likefood and beverages can degrade with exposure to certain environmentalfactors during storage and shipment. Examples of sensor data couldinclude temperature, humidity, light exposure, altitude, oxygen level,or other factors, as well as location such as GPS data.

FIG. 5 is a simplified flow diagram illustrating one embodiment of aprocess 500 for identifying an object to verify its provenance. Here, anexpected itinerary of an object (a series of locations) may be stored ina datastore if known, block 502. The methods and systems described abovemay be used to track the object to the next location, block 504. If theobject does not arrive as expected (where and when expected according tothe itinerary), the failure may be reported to a user, block 506. In anembodiment, an object that arrives later than expected may be subjectedto closer matching scrutiny to ensure its identity.

The next step, block 510, is to query the database for the next valid orexpected location. A unique itinerary may not be known, but a set ofvalid or expected locations may be known. The next actual location ofthe object (as determined by imaging and matching digital fingerprints)may be compared to the expected location(s) returned by the database,block 512. If that comparison indicates a departure from the expected orauthorized route, decision 520, the result may be reported to a user,block 522. (A report that the object is on track may be reported aswell.) Other options may be implemented such as a quantity check, block524. The process returns or terminates at block 526.

Most existing identification systems are designed only to be accessed bymanufacturers or their authorized distributors, and some requirespecialized scanners or equipment. However, consumers also have a vestedinterest in determining whether the objects they are buying areauthentic. Other parties may also have an interest in determining theauthenticity of an object, for example in response to offered or futureincentives for object data collection. In some embodiments, the presentsystem is designed to enable anyone along the supply, distribution, orsales chain, from manufacturer to the retail consumer or other membersof the public, to access the system and determine whether the object isauthentic. A specialized scanner is not required in all cases. Forexample, in one embodiment a mobile phone application designed forpublic use can be employed to scan an object, query the database, anddetermine if the object is authentic.

Finally, data collected by a digital fingerprinting system offers avariety of useful information to stakeholders along the supply,distribution, and sales chain. Reports can be generated on individualobjects, or on sets of objects. These reports can include, but are notlimited to, the locations of objects over time, audit trails, points ofentry of counterfeit goods, and exposure to environmental variables overthe course of an object's lifetime.

Tags and Bar Codes

In some instances, an identifier such as a tag or a label may beconsidered a useful addition to an object, mainly for two reasons. Thefirst main reason is that a human may need to reference it forinformation. For example, a tag or a label may inform a store clerk asto the particular style and size of a piece of clothing by a particularmanufacturer, or it may tell a postal carrier the address to which amail piece should be delivered. The second main reason has to do withthe employment of machine-readable tags, for example when an IntelligentMail Barcode on a mail piece (unreadable by humans) is used to route themail piece by machine. The entire class of existing machine-readabletags can be replaced by the methods of the present disclosure. In someinstances, tags or labels may still be needed for human information butthey are unnecessary for the purpose of authentication or anymachine-readability functions.

Because digital fingerprinting exploits natural features and ofteninvolves scanning an object under variable conditions, it is highlyunlikely that two different scans will produce the exact samefingerprint. As a result, an ability to look up objects in the databasewhen there is a near-miss is included. In one example, two featurevectors [0, 1, 5, 5, 6, 8] and [0, 1, 6, 5, 6, 8] are not identical but,given a certain difference metric, they may be close enough to say witha level of certainty that they are from a certain object that has beenscanned before. This is particularly true if, otherwise, the nearestfeature vector of a different object is, for example, [5, 2, 5, 8, 6,4]. For example, a distance between vectors of n-dimensions may becalculated and used as one metric of similarity or “closeness of match”between two or more vectors. The distance to the next nearest candidatemay also be considered.

Global Versus Regional Feature Matching

In some embodiments, where we have an original document or other objectfingerprinted, the digital fingerprinting techniques allowregion-by-region matching, making apparent which (if any) regions havechanged from the original. Thus, for example, a good overall match on apassport may be achieved but if none of the matches happen in thephotograph it becomes apparent that the photograph has likely beenchanged. Further, if some individual or group, say a known terroristgroup, has a certain pattern or regularity to altering passports-such asto change the photo, the date of birth, and one digit of the passportnumber-then this ability to find altered regions may also provide theability to discern a pattern of changes that may be used to identify a“signature” modus operandi of a particular counterfeiter. Thus, aspectsof digital fingerprinting may be applied not only to detect a forged oraltered object, but may also be used to identify a counterfeiter orotherwise discover the source of an altered object.

Authenticated Production

This disclosure teaches an integrated, secure process that combinesproduction or other creation of physical objects with secure inductionof digital information, including a digital fingerprint of that object,into an authentication system for later use. That later use may includeidentification, authentication, tracking, or other purposes. The digitalfingerprint may be associated with other data such as a serial number,manual, photograph, tracking and manufacturer information, or otherinformation. The digital fingerprint and associated information may bestored in a secure database for later use.

The exact method of creating such a digital fingerprint is notimportant, in some embodiments. There are many satisfactory ways toextract a digital fingerprint of an object known in the literature,including SIFT, SURF, and others.

The secure induction process taught here does not depend on anyparticular database system, provided the database is so constructed thatno one, including the creator of the object, can inappropriately enterauthentication data into the system. For example, no one can take anobject he did not create and induct it as though he did. Nor can anyoneenter a non-existent object into the authentication process. Nor cananyone produce an object with the system that is not inducted (this lastis to avoid “midnight runs” of counterfeit objects on a real assemblyline).

Because the creation of the object and the induction of the digitalfingerprint are part of a single process, and because the digitalfingerprint does not rely on tags, labels, barcodes or other artificialidentifiers of an object, the process taught here is better proofedagainst counterfeiting than existing manufacturing processes.

Manufacturing is becoming increasingly decentralized. The advent of 3-Dprinting and other rapid prototyping or small-lot production systems,and the ease with which the digital files behind many such systems canbe copied, mandate an authentication process that at the same timeensures that the local manufacturer cannot corrupt the process (forexample by issuing false certificates of authenticity) while securelytying the object to authenticating information generated when theprovenance of the object is known.

If a manufacturer controls the production, induction, and ultimateauthentication of the object, tying the creation and digitalfingerprinting processes together in a way safe from, say, themanufacturer's own fraud may not be critical. When, however, parts arecontracted out, and particularly when they can be made on relativelyinexpensive equipment from digital files (such as on a 3-D printer), itbecomes important to establish that the digital fingerprints to be usedm authentication are captured as part of the manufacturing process andthat an independent record linking the creation of the object with itsauthentication information be created in a way not corruptible by, say,counterfeiters. That secure integrated process is what this disclosureteaches.

Some embodiments include a single secure process for the automaticcreation and induction (for later authentication) of a digitalfingerprint of an object. In one embodiment, an object is created on a3-D printer. The printer creates the object in accordance with itsinstructions and, while doing so, extracts one or more digitalfingerprints of the object, where those digital fingerprints takeadvantage of the natural randomness of the printing process (e.g.“random” surface features) but may also reference other, deliberatefeatures (e.g., artificial identifiers such as microscopic etchings).The digital fingerprints may be tied to other digital information aboutthe object and the creation process. The digital fingerprints andassociated data are stored securely n a database for later use forauthentication. The overall system is secure from inappropriatetampering by the producer or anyone else, perhaps by encrypting thedatabase to secure it from tampering during the manufacturing process orat a later time.

Among the objects associated with a digital fingerprint of anewly-manufactured object may be a template (for how the just-createdcomponents will later be assembled), a time and date stamp for thecreation, a production device identifying number, product warnings,intended product recipients, sensor data related to, say, a controlledmanufacturing environment, as well as user-supplied information such asproduct manuals and certificates of creation, provenance, orauthenticity. The manufacturing process may automatically create asecure data record for later retrieval as part of object authentication.The ultimate use of the data associated with the object at its point ofcreation is not relevant.

In another embodiment, an artist may create a work of art such as anetching, digitally fingerprint the artwork, associate the digitalfingerprint with an authentication certificate or other informationassociated with the work, and insert the resulting data in a securedatabase for later authentication by say, a purchaser.

In another embodiment, all components that constitute an object may beinducted during their individual production processes. Tat induction mayinclude a list or partial list of all of the final product's inductedcomponents and their intended relationships in the final product. Forexample, while a computer is assembled on an assembly line, each circuitboard, drive, and chip is inducted prior to final assembly. An actor orstakeholder may later to authenticate all critical components of anobject as well as the object itself to verify an object's authenticity.Some embodiments thus provide a much higher level of authenticityassurance, than information acquired from authenticating the outside ofthe completed object. This approach insures against a wide array ofscenarios including sabotage, the swapping of legitimate components forillegitimate, and other fraudulent activities.

In a further embodiment, this method may be used in fraud preventionwhere goods are returned to original supplier or point of sale. A personseeking to commit fraud may intentionally replace the original withnon-standard components. Under the teachings of this disclosure, if, atthe point of manufacture or assembly sanctioned or branded components ofan object are themselves inducted and associated with the final object,the object itself cannot be authenticated unless its associatedcomponents are as well.

FIG. 7 is a simplified block diagram of aspects of an example system 700for implementing some embodiments of authenticated production using amachine 4 to produce manufacture physical products or manufactures. Thesystem 700 includes a database system 19, which may include an interface9 (e.g., a network interface), a storage (not shown) to store a datastructure 16 (e.g., as a table or other object), and a digitalfingerprint processor 15 to control the database system 19. The digitalfingerprint processor 15 may be configured to perform any of theprocesses described with reference to FIGS. 1-6 or any other processdescribed herein.

The machine 4 to produce manufacture physical products or manufacturesmay be any machine such as one to utilize raw materials to producephysical objects (such as a 3D printer to layer a material to form aphysical object, a printer to deposit ink on paper to form a document,or the like, or combinations thereof), or one to utilizeassemble/arrange/connection/etc. one or more components to form a system(e.g., to arrange gears to form a gear train). The machine 4 may includea processor 11 and an interface 8 (e.g., a network interface) tocommunicate with the database system 19 before, during, and/or afterproduction or manufacture for authenticated production.

The digital fingerprint processor 15 may be configured to identify anactivation of the machine 4 to attempt to produce or manufacture atleast one of the physical products or physical manufactures. In someexamples, the digital fingerprint processor 15 may be in communicationwith a processor 11 installed in the machine. For instance, the digitalfingerprint processor 15 may detect the activation of the machine byreceiving a signal generated by the processor 11 and transmitted overthe network to indicate the activation.

The digital fingerprint processor 15 may be configured to acquiredigital image data of a portion of a physical object, which may beinside/on/etc. the machine 4. In some examples, the digital fingerprintprocessor 15 and/or the processor 11 may control a camera 12 that isintegrated in the machine 12 or non-integrated (e.g., a separablecomponent, perhaps a mobile device, mounted on the machine or otherwisepositioned proximate to the machine).

The portion of the physical product may be a completed surface. Forinstance, if the machine 4 is a 3D printer, the camera 12 may capture animage of a completed surface (the 3D print job need not be complete at atime the image is captured so long as the imaged surface is complete).For example, the imaged surface may be edges of completed layers whereadditional layers are still to be deposited on top of the completedlayers. In some examples such as some 3D printing examples, the imagemay be a surface that is to be an external surface of the completed 3Dprint job; however, in other examples the image may be of any surfacethat is to be accessible on completion of the manufacture or production(for instance an image of a surface of a gear on the interior of awatch).

The digital fingerprint processor 15 may be configured to analyze thedigital image data to forma digital fingerprint of the physical object.The digital fingerprint may be responsive to structure of the physicalobject. The digital fingerprint processor 15 may store the digitalfingerprint in a database record 17 of the data structure 16, which maybe to induct at least one of the physical product or physicalmanufacture 5 produced by the machine 4.

It should be appreciated that in some examples, the imaging may be, forinstance, during or after production of the physical product or physicalmanufacture 5. In one example, the imaging may be prior to completion ofthe production of the physical product or manufacture 5 produced by themachine 4 (the image may be of a completed surface and/or a component tobe used to complete production of the physical manufacture, e.g., a gearin the case of producing gear trains or even an unmarked portion of apiece of paper showing a structure of paper fibers in the case ofproducing documents). In some examples, the digital image data may beacquired responsive to completion of one or more operations associatedwith the activation by the machine 4. For instance, the machine 4 may beturned on, initialized, loaded finish some or all phases of fabrication,or the like, or combinations thereof, and the digital image data may beacquired responsive to the completion of one or more of theseoperations. In some examples, the digital image data may be acquiredresponsive to a three-dimension object being fabricated, e.g., partiallyfabricated (the digital image data may be of a completed portion of thethree-dimension object, say a bottom portion of a sidewall of anuncompleted the three-dimension object where additional layers are yetto be added to the top). For instance, the digital image data may be ofa “clean” piece of paper to be used for an initialized print job, or aportion of the piece of paper that has been printed (e.g., markedpaper). The digital image may be acquired of a gear responsive to anassembly of a gear train, or the gear being loaded into the machine(e.g., yet-to-be-assembled into the gear train say positioned on afeeder such as a conveyor to be used to assemble the gear train).

In examples in which the imaging is prior to completion of theproduction, the digital fingerprint processor 15 may perform avalidation check prior to completion of the production. Based on aresult of the validation process, the digital fingerprint processor 15may control the machine 4 to prevent the production from completing inthe case of unauthorized production (e.g., to abort the job). Forinstance, the digital fingerprint processor 15 may signal the processor11 or signal a power supply (not shown) to hinder or stop an attempt fora “midnight run”. In some examples, it may be possible for the processor11 to perform a validation check responsive to an attempt to activationthe machine. For instance, if the processor 11 is unable to communicatewith the digital fingerprint processor 15 responsive to a user controlto operate the machine 4, the process 11 may reject a command to operatethe machine 4 and/or put the machine 4 into a low power state (in whichsay the processor 11 may operate but one or more other components of themachine may not receive operating power).

FIG. 8 is a simplified flow diagram of an example of a process 800 forauthenticated production, in some embodiments. In block 801, a processorof an authentication system (e.g., a digital fingerprint processor incommunication with one or more remote points of manufacture, such asdigital fingerprint processor 15 of FIG. 7 ) may identify an activationof one or more machines to attempt to produce or manufacture physicalproducts or manufactures using the one or more machines.

In block 802, the processor may acquire digital image data of a portionof a physical object proximate to the one or more machines (e.g., on theone or more machines, in the one or machines, or the like, orcombinations thereof) responsive to completion of one or more operationsassociated with the activation by the one or more machines. In block803, the processor may analyze the digital image data to form a digitalfingerprint that is of the physical object and responsive to a structureof the physical object. In block 804, the processor may store thedigital fingerprint in a database record of the database system.

It should be appreciated that some or all of process 800 may beperformed for each physical object to be manufactured by the one or moremachines (e.g., each gear produced by gear-producing machine), in someembodiments. Also, if the physical object is part of an assembly such asa gear-train, some or all of process 800 may be repeated for eachcomponent (e.g., each gear), and some or all of process 800 may berepeated for the assembly. In such a case, each digital fingerprint maybe stored in its own record, which may be linked together.

Some systems or processes of authenticated production may includeauthorization check(s) combined with induction for authentication(authorization features may be used to prevent midnight runs in thefirst place); however, this is not required. Even if a midnight run isperformed without creating records, such product may not may not beinducted into the authentication system and may not be authenticatabledue to the lack of induction. Such non-authenticatable product may bedetected at points of authentication in other parts of a supply chain.

FIG. 9 is a simplified flow diagram of an example of a process 900 forauthenticated production, in some embodiments.

In block 901, a processor of an authentication system (e.g., a processorto control operation of one or more machines, such as processor 11 ofFIG. 7 ) may identify an activation of the one or more machines toattempt to produce or manufacture physical products or manufacturesusing the one or more machines.

In diamond 902, the processor may identify whether it is coupled to anauthentication system, e.g., whether it can communicate with a digitalfingerprint processor). If the processor is not coupled to theauthentication system, the processor may prevent the one or moremachines from producing or manufacturing the physical products ormanufactures in block 903.

In block 904, the processor may identify information about the attempt(e.g., acquire digital image data of a portion of a physical objectproximate to the one or more machines in responsive to completion of oneor more operations associated with the activation by the one or moremachines). In some examples, the one or more machines may include acomponent to limit and/or detect physical access to the physical objectonce loaded into the one or more machines as part of an initialization.

In block 905, the processor may transmit the identified information overthe network to the authentication system (e.g., transmit the acquireddigital image data and optionally other data, such as login credentialsof an operator, time of day, intrusion information, or the like, orcombinations thereof). In block 906, the processor may identify whetherproduction or manufacture is authorized, e.g., may check whether asignal such as an authorization signal is received. In block 907, theprocessor may prevent the one or more machines from producing ormanufacturing the physical products or manufactures, e.g., preventcompletion of one or more additional operations associated with theattempt.

In block 910, if authorized, the processor may not prevent the one ormore machines from producing or manufacturing based on the attempt(e.g., allow all operations by the one or more machines on the physicalobject to produce a single authentication-database-inducted one of thephysical products or manufactures). In block 911, the processor mayidentify metadata about the manufacture or production for the completedattempt (such as time of completion), and may provide the metadata tothe authentication system, which may add the metadata to the record.

FIG. 10 is a simplified block diagram of aspects of another examplesystem 1000 for implementing some embodiments of authenticatedproduction using a machine to produce manufacture physical products ormanufactures from inducted components.

In the illustrated example, a manufacturer may use authenticatedproduction to manufacture a gear train 1020. In one example, themanufacturer may authenticate 1002 a physical object entering a physicalspace controlled by the manufacturer. e.g., the security “wall” 1007.This may be one of the authentication requests 1060. For instance, themanufacturer may receive a physical object, may communicate with digitalfingerprint processor 1042 of a database system over a securecommunications link 1013, e.g., may provide an image of the physicalobject to the digital fingerprint processor 1042. The digitalfingerprint processor 1042 may perform any authenticated processdescribed herein based on the image to match the image to a recordexisting in the secure database server 1044, and may provide a resultresponsive to a match.

The result may verify that the physical object is the gear 1006. In someexamples, the gear 1006 may originate from a secure componentmanufacturer having its own security “wall” 1008. The secure componentmanufacturer may have produced the inducted component 1006 usingauthenticated production including sending and/or receiving informationover secure communications link 1012 and integrated induction imagecapture 1009. For example, the secure component manufacturer may haveperformed any of the processes described with respect to FIGS. 7-9 inassociation with the gear production, and may provide the gear 1006following authenticated production.

Referring again to the gear train manufacturer, the manufacturer may,following authentication, utilize the gear 1006 in assembly 1014 of geartrain 1020 (e.g., may produce a system using gear 1006 and/or some otherinducted components). Also, the gear train manufacturer may induct 1022the gear train 1020 into the database system as part of a productionprocess. The database system may store metadata in the record for thegear train 1020, such as information about an authorized user 1056indicated by authentication credentials supplied in connection with theinduction request, or other metadata for inventory notifications 1054such as information about a time or other characteristic of theauthenticated production of the gear train 1020.

For instance, the gear train manufacturer may perform any of theprocesses described with respect to FIGS. 7-9 in association with thegear train production, and may provide the gear train 1020 for shippingfollowing authenticated production. The database system may linkrecords, e.g., may link a record for the gear train 1020 to a record forthe gear 1006 and any other inducted components from which gear train1020 is assembled 1014.

The database system may be physically located in a different physicalspace than the physical space of security “wall” 1007. For instance, thedatabase system may be located in a security “wall” 1040. Personnelgiven authorization to enter the gear train plant may not necessarily begiven authorization to enter a data center of the database system.

FIG. 11 and FIG. 12 illustrate illicit activity that can corrupt asupply chain. These two diagrams show in highly abbreviated form theillicit activity that can corrupt a supply chain (FIG. 11 ) and someways the technology taught in our patent documents can ameliorate thoseproblems. These diagrams are most useful where the authenticity of anobject, rather than its specific identity is of greatest importance.

FIG. 11 shows four examples of illicit behavior. The first, on the farleft, shows the diversion of a legitimate product for illicit use. Thusmight a legitimate high-end handbag be diverted to a black-marketcustomer. The second example shows a middleman, in the course ofassembling a product, substituting an illicit component for anauthorized one. An example of such illicit construction was theContinental Airlines cowling piece that, when it detached on takeoff,caused the destruction of the Concorde.

The third example shows a counterfeit component coming from amanufacturer and being added to the object. This is very similar to theprevious example except for the external origin of the counterfeit andthe possibility that, under the current system, the recipient may notknow the component is counterfeit.

Finally, on the far right, we show the customer purchasing a counterfeitobject unintentionally.

Nothing in our technology is designed to counter the problem of knownknock-offs or known thefts, willingly purchased.

The very large, and rapidly growing, trade in counterfeits is proof ofhow difficult it is to guard against any of these illicit activities.Counterfeits get around current anti-counterfeiting methods either bybeing intentional internal fraud (the “homemade” component problem) orby mimicking legitimate objects well enough to fool the recipient.

The technology taught in our patent documents, when employed in a systemsuch as the one outlined in FIG. 12 below, avoids each of theseproblems.

The authentication system taught in our patent documents can be appliedto a supply chain to reduce or eliminate the risks of counterfeitobjects entering into or legitimate objects being diverted from, thechain. FIG. 12 schematically represents the application of the taughttechnology at a location within a supply chain. The circle 1205represents an intermediate stakeholder (neither a producer of rawmaterials nor an end-user).

The arrows 1201 show the stakeholder receiving components for hisproduction. To ensure that the received components are legitimate, thestakeholder authenticates them as described below.

The stakeholder then produces his objects and inducts them into thedatabase along with other required information so that they may later beauthenticated by downstream stakeholders. He then ships them (arrows1213) to his customers.

Authentication has several stages. Although seen from the point of viewof any object in the system, induction precedes authentication, whenseen from the perspective of an individual stakeholder, the opposite isthe case. It is from that latter perspective that this diagram isdiscussed.

Not all objects need be authenticated. The database has previously beenpopulated by an entity with a primary stake in the final object beinglegitimate, his may be the final recipient (in the case of contractedparts) or the brand holder (in the case of high-end consumer goods), oranyone else as appropriate. All objects required by the completed objectthat are sufficiently important to be authenticated are entered alongwith the identity of their authorized manufacturers.

-   -   Authentication. An object is received (the arrows 1201 coming        from their circles 1202) by the stakeholder (here shown as        circle 1205). An authentication query (not shown) is sent to the        data store and authentication responses (shown as arrows 1203)        received from the data store. If the object is authenticated,        the object can be entered into the stakeholder's inventory and,        if authentication-based purchase is in use (see the patent        document on that subject), the payment process is begun. If the        object is not authorized, it is rejected. No authentication is        performed by suppliers that initiate the supply chain or on        parts that are not required to be authenticated.

Authentication comprises the following steps:

-   -   Regions of interest are identified and fingerprint features        created    -   Identifying information is captured or entered (e.g. serial        number, part source) into a computer record coupled to the        fingerprint features    -   The above are sent to the data store along with information        identifying the stakeholder        -   The data store confirms that all of the following (where            appropriate and required) are true:        -   The stakeholder has been authorized to authenticate objects        -   The identification data supplied for the object matches a            database record.

Undetected Diversion of a Legitimate Object

Illicit introduction of a counterfeit. If a part requires authenticationand recipient attempts to authenticate it, a counterfeit part will notpass authentication and thus not enter the supply chain. In the eventthat the recipient fails to authenticate the object, his own productswill fail of authentication by downstream stakeholders. Only an end-userwho either intentionally receives a counterfeit object or who doesn'tcare is not protected.

Illicit substitution. If a legitimate manufacturer decides to cutcorners and either purchase or himself produce a substitute for apartthat requires authentication (what we have been calling “essential”), hecannot authenticate that part (since it did not come from a legitimatemanufacturer who had previously inducted it and since he himself cannotinduct it). As a result, the objects he produces using that part willnot pass authentication by downstream stakeholders.

Diversion. Each object that requires authentication has a database entryassociated with its manufacturer and with its intended recipient. If theintended recipient never authenticates the object, then it can bepresumed to have gone astray (either between the manufacturer andintended recipient or have been put to illicit use by the intendedrecipient).

-   -   The fingerprint features, their arrangement, and all other        required information matches the database record for the object.        This establishes that the object is one that was entered into        the database by a party authorized to do so.    -   That manufacturer is confirmed by the data store as having        shipped the object to the stakeholder and having authorized the        stakeholder to authenticate the object    -   All required inputs for the object were properly authenticated        by their recipients (in other words the circles 1202 did        previously what the circle 1205 is doing now) and inducted into        the data store along with other required information.

In other words, an object is authentic when it is inducted into thedatabase by its manufacturer. This can only happen when the manufactureris authorized to manufacture the object and all of the object's(essential) components are authentic.

Once all the essential components have been authenticated (there may becomponents that do not require authentication), the stakeholderassembles them into his products. He then inducts his products into thedata store. No induction is done by end-users or by middlemen whoseproducts are not required to be authenticated.

Induction comprises the following steps:

-   -   A serial number or other identifying information is created for        the object.    -   Object is imaged (or raw information is captured) and feature        information extracted that, if confirmed, is sufficient to        identify the object.    -   A data store record is created containing the following        information        -   Serial number or other identifying information        -   Fingerprint and template features of the object        -   Any required contextual and metadata including            -   Evidence that all essential components of the part have                been authenticated            -   Intended recipient of the part            -   Authorization of that recipient to authenticate the part            -   Tracking and other metadata as required        -   The above system addresses:    -   Introduction of a counterfeit part    -   Illicit substitution of a required part by a legitimate        manufacturer who is cutting corners

EXAMPLE EMBODIMENTS

Example 1 is a method of capturing an image as an integral part of themanufacturing process, of extracting a digital fingerprint from thatimage, of storing the digital fingerprint in a secure database for lateruse in authentication. The digital fingerprint data stored in thedatabase may include contextual and metadata associated with the object.The object, through its digital fingerprint, may itself serve as aphysical token to gain access to the additional associated digital datain the database. This could be done by imaging the object, extracting adigital fingerprint of the object, and using the extracted digitalfingerprint to access the associated data. The “manufactured object” maybe a document and the “manufacturing process” may include creating andauthenticating a document on a printer also fitted for extracting adigital fingerprint of the created document. In this embodiment, thepages of a will might be digitally fingerprinted as the pages areprinted, for later use in authentication of the originals.

Example A-1 is an apparatus for authenticated production. The apparatusmay include one or more machines to produce or manufacture physicalproducts or physical manufactures; a database system in communicationwith the one or more machines, the database system including a digitalfingerprint processor configured to: identify an activation of at leastone of the one or more machines to attempt to produce or manufacture atleast one of the physical products or physical manufactures; responsiveto completion of one or more operations associated with the activationby the one or more machines, acquire digital image data of a portion ofa physical object proximate to the one or more machines; analyze thedigital image data to form a digital fingerprint of the physical object,wherein the digital fingerprint is responsive to structure of thephysical object; and store the digital fingerprint in a database recordof the database system.

Example A-2 includes the subject matter of example A-1 (and/or any otherexample herein), wherein the digital fingerprint processor is furtherconfigured to: identify the completed production or manufacture of theat least one of the physical products or manufactures; and storeinformation about a time or other characteristic of the completedproduction or manufacture in the database record.

Example A-3 includes the subject matter of any of examples A-2 throughA-3 (and/or any other example herein), wherein the digital fingerprintcomprises information about the physical object, and wherein the digitalfingerprint processor is further configured to: obtain at least one ofadditional information about the physical object, information about theattempt, information about a state of the at least one machine, orinformation an operator of the at least one machine; and store the atleast one of the additional information, the information about theattempt, the information about the state of the at least one machine, orthe information about the operation of the at least one machine.

Example A-4 includes the subject matter of any of examples A-2 throughA-3 (and/or any other example herein), wherein the additionalinformation about the physical object comprises contextual and/ormetadata associated with the physical object.

Example A-5 includes the subject matter of any of examples A-2 throughA-4 (and/or any other example herein), wherein the additionalinformation comprises a serial number or other value present in thedigital image data.

Example A-6 includes the subject matter of any of examples A-2 throughA-5 (and/or any other example herein), wherein the at least one machinecomprises a fabrication device and the portion of the physical objectcomprises a completed surface.

Example A-7 includes the subject matter of any of examples A-2 throughA-6 (and/or any other example herein), wherein the portion of thephysical object comprises a surface to be accessible on completion of atleast one of the physical products or physical manufactures.

Example A-8 includes the subject matter of any of examples A-2 throughA-7 (and/or any other example herein), wherein the at least one of thephysical products or physical manufactures comprises a system includinga first component and a second component, and wherein said physicalobject comprises the first component.

Example A-9 includes the subject matter of any of examples A-2 throughA-8 (and/or any other example herein), wherein the component of theplurality of components comprises a first component, and wherein thedigital fingerprint processor is further configured to: acquireadditional digital image data of a portion of the second component;analyze the additional digital image data to form a digital fingerprintof the second component, wherein the digital fingerprint is responsiveto structure of the second component; and store the digital fingerprintof the second component in the same or another database record of thedatabase system.

Example A-10 includes the subject matter of any of examples A-2 throughA-9 (and/or any other example herein), wherein the digital fingerprintprocessor is further configured to transmit a control signal to the atleast one machine to prevent the attempt to produce or manufacture theat least one of the physical products or physical manufactures fromcompleting based on content of the digital image data.

Example A-11 is method of authenticated production using one or moremachines to produce or manufacture physical products or manufactures.The method may include identifying an activation of at least one machineof the one or more machines to attempt to produce or manufacture atleast one of the physical products or physical manufactures; responsiveto completion of one or more operations associated with the activationby the one or more machines, acquiring digital image data of a portionof a physical object on or inside the one or more machines; analyzingthe image data to form a digital fingerprint of the physical object,wherein the digital fingerprint is responsive to structure of thephysical object; and storing the digital fingerprint in a databaserecord of a database system.

Example A-12 includes the subject matter of example A-11 (and/or anyother example herein), wherein the physical object comprises a componentof the at least one of the physical products or physical manufactures.

Example A-13 includes the subject matter of any of examples A-11 throughA-12 (and/or any other example herein), further comprising completing ormanufacturing the at least one of the physical products or physicalmanufactures following the acquisition of the digital image data.

Example A-14 includes the subject matter of any of examples A-11 throughA-13 (and/or any other example herein), wherein the record comprises anew record created responsive to forming the digital fingerprint of thephysical object.

Example A-15 includes the subject matter of any of examples A-11 throughA-14 (and/or any other example herein), further comprising preventingthe at least one machine from producing or manufacturing the least oneof the physical products or physical manufactures responsive to a resultof the analysis of the digital image data.

Example A-16 includes the subject matter of any of examples A-11 throughA-15 (and/or any other example herein), wherein the physical products ormanufactures comprises printed documents.

Example A-17 includes the subject matter of any of examples A-11 throughA-16 (and/or any other example herein), further comprising: subsequentto storing the digital fingerprint in the database record, identifyinginformation corresponding to a target physical object, whereinidentifying the first information corresponding to the target physicalobject includes acquiring second digital image data of a portion of thetarget physical object extracting features from the second digital imagedata to form a second digital fingerprint querying the database systemto seek a matching record based on the second digital fingerprint; andin the case that a matching record is returned responsive to thequerying, updating the matching record with an indication that thesecond digital fingerprint was matched to it.

Example A-18 includes the subject matter of any of examples A-11 throughA-17 (and/or any other example herein), wherein the at least one machinecomprises a fabrication device and the portion of the physical objectcomprises a completed surface.

Example A-19 includes the subject matter of any of examples A-11 throughA-18 (and/or any other example herein), wherein the fabrication devicecomprises at least one of a three-dimension printer or a documentprinter.

Example A-20 is an apparatus for authenticated production. The apparatusmay include one or more machines to produce or manufacture physicalproducts or physical manufactures, the one or more machines including aprocessor configured to: identify an activation of at least one of theone or more machines to attempt to produce or manufacture at least oneof the physical products or physical manufactures; and ascertain whetherto permit the one or more machines to produce or manufacture the atleast one of the physical products or physical manufactures; and adatabase system in communication with the first processor, the databasesystem including a second digital fingerprint processor configured to:identify information about the attempt; signal the first processor ifthe attempt is not authorized based on the identified information aboutthe attempt; responsive to completion of one or more operationsassociated with the activation by the one or more machines, analyzedigital image data of a portion of a physical object on or inside theone or more machines to form a digital fingerprint of the physicalobject, wherein the digital fingerprint is responsive to structure ofthe physical object; and store the digital fingerprint in a databaserecord of the database system.

Example A-21 is a method of authenticated production using one or moremachines to produce or manufacture systems, the method comprising:identifying an activation of at least one machine of the one or moremachines to attempt to produce or manufacture at least one of thesystems using one or more parts; wherein the one or more parts areinducted into a database system, and wherein the database systemincludes a first database record including one or more digitalfingerprints of the one or more parts, respectively; responsive tocompletion of one or more operations associated with the activation bythe one or more machines, acquiring digital image data of a portion of aphysical object associated with the system, the physical object havingthe one or more parts coupled thereto; analyzing the image data to forma digital fingerprint of the physical object, wherein the digitalfingerprint is responsive to structure of the physical object; andperforming at least one of storing the digital fingerprint in the firstdatabase record or storing the digital fingering in a second databaserecord that is of the database system and linked to the first databaserecord.

Example A-22 includes the subject matter of example A-21 (and/or anyother example herein), further comprising: identifying an activation ofthe one or more machines to attempt to produce or manufacture at leastone of the one or more parts; responsive to completion of one or moreoperations associated with the activation to attempt to produce ormanufacture the at least one of the one or more parts, acquiring digitalimage data of a portion of a physical object associated with the atleast one of the one or more parts; analyzing the image data to form adigital fingerprint of the physical object associated with the at leastone of the one or more parts, wherein the digital fingerprint isresponsive to structure of the physical object associated with the atleast one of the one or more parts; and storing the digital fingerprintin the first database record of the database system.

Example A-23 includes the subject matter of any of examples A-21 throughA-22 (and/or any other example herein), wherein the system comprises acomputer, and the one or more parts comprise at least one of a circuitboard, a drive, or a chip.

Example A-25 includes the subject matter of any of examples A-21 throughA-24 (and/or any other example herein), further comprising: storingfirst metadata associated with the production or manufacture of the oneor more parts in the first record; and storing second metadataassociated with the production or manufacture of the at least one of thesystems in at least one of the first database record or the seconddatabase record that is linked to the first database record.

Example A-26 includes the subject matter of any of examples A-21 throughA-25 (and/or any other example herein), wherein the first metadataidentifies a relative physical location of each one or more partsrelative to the at least one system for authenticating the at least onesystem based an arrangement of the one or more parts.

Example A-27 is one or more memory storing instructions to be executedby one or more processors, wherein the instructions when executedperform operations corresponding to the steps of any of the examplesA-11 through A-19 and A-21 through A-26 (and/or any other exampleherein).

Hardware and Associated Software

Most of the equipment discussed above comprises hardware and associatedsoftware. For example, the typical electronic device is likely toinclude one or more processors and software executable on thoseprocessors to carry out the operations described. We use the termsoftware herein in its commonly understood sense to refer to programs orroutines (subroutines, objects, plug-ins, etc.), as well as data, usableby a machine or processor. As is well known, computer programs generallycomprise instructions that are stored in machine-readable orcomputer-readable storage media Some embodiments of the presentinvention may include executable programs or instructions that arestored in machine-readable or computer-readable storage media, such as adigital memory. We do not imply that a “computer” in the conventionalsense is required in any particular embodiment. For example, variousprocessors, embedded or otherwise, may be used in equipment such as thecomponents described herein.

Memory for storing software again is well known. In some embodiments,memory associated with a given processor may be stored in the samephysical device as the processor (“on-board” memory); for example, RAMor FLASH memory disposed within an integrated circuit microprocessor orthe like. In other examples, the memory comprises an independent device,such as an external disk drive, storage array, or portable FLASH keyfob. In such cases, the memory becomes “associated” with the digitalprocessor when the two are operatively coupled together, or incommunication with each other, for example by an I/O port, networkconnection, etc. such that the processor can read a file stored on thememory. Associated memory may be “read only” by design (ROM) or byvirtue of permission settings, or not. Other examples include but arenot limited to WORM, EPROM, EEPROM, FLASH, etc. Those technologies oftenare implemented in solid state semiconductor devices. Other memories maycomprise moving parts, such as a conventional rotating disk drive. Allsuch memories are “machine readable” or “computer-readable” and may beused to store executable instructions for implementing the functionsdescribed herein.

A “software product” refers to a memory device in which a series ofexecutable instructions are stored in a machine-readable form so that asuitable machine or processor, with appropriate access to the softwareproduct, can execute the instructions to carry out a process implementedby the instructions. Software products are sometimes used to distributesoftware. Any type of machine-readable memory, including withoutlimitation those summarized above, may be used to make a softwareproduct. That said, it is also known that software can be distributedvia electronic transmission (“download”), in which case there typicallywill be a corresponding software product at the transmitting end of thetransmission, or the receiving end, or both.

Having described and illustrated the principles of the invention in apreferred embodiment thereof, it should be apparent that the inventionmay be modified in arrangement and detail without departing from suchprinciples. We claim all modifications and variations coming within thespirit and scope of the following claims.

The invention claimed is:
 1. A method of authenticated production, themethod comprising: for each of a plurality of parts destined for anassemblage, capturing at least one image of at least a portion of thepart; submitting a representation of the captured at least one image ofat least the portion of the part to a digital fingerprint processor;receiving information that indicates whether the part has beenauthenticated via the digital fingerprint processor based on at leastone digital fingerprint extracted from the representation of thecaptured at least one image of at least the portion of the part; and inresponse to the information that indicates that the part has beendetermined to be authenticate by the digital fingerprint processor basedon at least one digital fingerprint extracted from the representation ofthe captured at least one image of at least the portion of the part,utilizing the part in the assemblage.
 2. The method of claim 1, furthercomprising: causing the assemblage to be inducted into a databasesystem.
 3. The method of claim 2 wherein causing the assemblage to beinducted into a database system include causing the database system tostore metadata for the assemblage.
 4. The method of claim 3 whereincausing the database system to store metadata for the assemblageincludes causing the database system to store authorized user identifyinformation that identifies an authorized user indicated byauthentication credentials supplied in connection with an inductionrequest.
 5. The method of claim 3 wherein causing the database system tostore metadata for the assemblage includes causing the database systemto store metadata for inventory notifications.
 6. The method of claim 5wherein causing the database system to store metadata for inventorynotifications includes causing the database system to store informationabout a time or other characteristic of an authenticated production ofthe assemblage.
 7. The method of claim 2 wherein causing the assemblageto be inducted into a database system include causing the databasesystem to link at least one record for the assemblage with at least onerecord for each of authenticated ones of the parts that constitute theassemblage.
 8. The method of claim 1 wherein capturing at least oneimage of at least a portion of the part includes capturing at least oneimage of at least a portion of the part in a first secured area.
 9. Themethod of claim 1 wherein capturing at least one image of at least aportion of the part includes capturing at least one image of at least aportion of the part in a first secured area in which assembly isperformed.
 10. The method of claim 1 wherein capturing at least oneimage of at least a portion of the part includes capturing at least oneimage of at least a portion of the part in a first secured area andwherein submitting a representation of the captured at least one imageof at least the portion of the part to a digital fingerprint processorincludes submitting the representation of the captured at least oneimage of at least the portion of the part to a digital fingerprintprocessor located in a second secure area, the second secure areadifferent and separate from the first secure area.
 11. The method ofclaim 10 wherein submitting a representation of the captured at leastone image of at least the portion of the part to a digital fingerprintprocessor located in a second secure area, the second secure areadifferent and separate from the first secure area includes submittingthe representation of the captured at least one image of at least theportion of the part to the digital fingerprint processor via a securecommunications link.
 12. The method of claim 1, further comprising:providing the assemblage for shipping, following an authenticatedproduction of the assemblage.
 13. The method of claim 1, furthercomprising: analyzing digital image data to form the at least onedigital fingerprint of the part, where the analyzing includes extractingat least one location of interest and generating one or more featurevectors based on the extracted at least one location of interest.
 14. Asystem to facilitate authenticated production, the system comprising: atleast one processor; at least one non-transitory processor-readable thatstores processor-executable instructions which, when executed by the atleast one processor, cause the at least processor to: for each of aplurality of parts destined for an assemblage, capture at least oneimage of at least a portion of the part; submit a representation of thecaptured at least one image of at least the portion of the part to adigital fingerprint processor; receive information that indicateswhether the part has been authenticated via the digital fingerprintprocessor based on at least one digital fingerprint extracted from therepresentation of the captured at least one image of at least theportion of the part; and in response to the information that indicatesthat the part has been determined to be authenticate by the digitalfingerprint processor based on at least one digital fingerprintextracted from the representation of the captured at least one image ofat least the portion of the part, release the part for inclusion in theassemblage.
 15. The system of claim 14 wherein, when executed by the atleast one processor, the processor-executable instructions cause the atleast processor further to: cause the assemblage to be inducted into adatabase system.
 16. The system of claim 15 wherein to cause theassemblage to be inducted into a database system theprocessor-executable instructions cause the at least one processor tocause the database system to store metadata for the assemblage.
 17. Thesystem of claim 16 wherein to cause the database system to storemetadata for the assemblage the processor-executable instructions causethe at least one processor to cause the database system to storeauthorized user identify information that identifies an authorized userindicated by authentication credentials supplied in connection with aninduction request.
 18. The system of claim 16 wherein to cause thedatabase system to store metadata for the assemblage theprocessor-executable instructions cause the at least one processor tocausing the database system to store metadata for inventorynotifications.
 19. The system of claim 18 wherein to cause the databasesystem to store metadata for inventory notifications theprocessor-executable instructions cause the at least one processor tocause the database system to store information about a time or othercharacteristic of an authenticated production of the assemblage.
 20. Thesystem of claim 15 wherein to causing the assemblage to be inducted intoa database system the processor-executable instructions cause the atleast one processor to cause the database system to link at least onerecord for the assemblage with at least one record for each ofauthenticated ones of the parts that constitute the assemblage.
 21. Thesystem of claim 14 wherein to capture at least one image of at least aportion of the part the processor-executable instructions cause at leastone processor to cause a capture at least one image of at least aportion of the part in a first secured area.
 22. The system of claim 14wherein capturing at least one image of at least a portion of the partthe processor-executable cause at least one processor to cause a captureat least one image of at least a portion of the part in a first securedarea in which assembly is performed.
 23. The system of claim 14 whereinto capture at least one image of at least a portion of the part theprocessor-executable instructions cause the at least one processor tocause a capture at least one image of at least a portion of the part ina first secured area and wherein to submit the representation of thecaptured at least one image of at least the portion of the part to adigital fingerprint processor the processor-executable instructionscause the at least one processor to cause a submission of therepresentation of the captured at least one image of at least theportion of the part to a digital fingerprint processor located in asecond secure area, the second secure area different and separate fromthe first secure area.
 24. The system of claim 23 wherein to submit therepresentation of the captured at least one image of at least theportion of the part to a digital fingerprint processor located in asecond secure area, the processor-executable instructions cause the atleast one processor to cause a submission of the representation of thecaptured at least one image of at least the portion of the part to thedigital fingerprint processor via a secure communications link.
 25. Thesystem of claim 14 wherein, when executed, the processor-executableinstructions cause the at least one processor further to: analyzedigital image data to form the at least one digital fingerprint of thepart, where the analysis includes extraction of at least one location ofinterest and generation of one or more feature vectors based on theextracted at least one location of interest.